Given that I discovered quite a while ago that you can create vnics WITHOUT Crossbow in the early 80s builds (b83+ appears to work), I decided today to try using the vnics for exclusive IP stacks in zones. The good news is, it works! The bad news is that, besides already being unsupported (as this is Solaris Express), doing things like this is probably super, super unsupported.

So, let’s do it.

Create a VNIC:

/usr/lib/vna <physicalAdapter> <fakeMacAddress>

You will get the vnic name returned as “vnic0”, then vnic1, and so on the more times you do this. Always use a different MAC address each time, of course, or it will fail.

Create a new zone, and when configuring it, set the physical NIC to vnic0, and DO NOT set an address on it.

So, either type the commands below into zonecfg when creating a new zone:

    # zonecfg -z <zoneName>
    zonecfg:<zoneName>> set ip-type=exclusive
    zonecfg:<zoneName>> add net
    zonecfg:<zoneName>:net> set physical=vnic0
    zonecfg:<zoneName>:net> end
    zonecfg:<zoneName>> commit

OR remove the NIC config from an existing zone, and configure the new NIC.

And now, configure the zone like a regular Solaris 10 host, creating the /etc/hostname.vnic0 file, with a hostname in it, editing /etc/hosts, setting up /etc/resolv.conf, /etc/netmasks, /etc/defaultrouter and so on, and you should be good to go!

You may also wish to write a startup script that runs before the zones come up at boot, to avoid the zone boot failing. It will simply need to contain the /usr/lib/vna lines you used above to configure the vnics in the first place.

So, maybe you don’t want to spend any time installing JET (JumpStart Enterprise Toolkit) but you do want to build zones in a jumpstart-ish way, that is - quickly and consistently on say, your laptop for example… oh yeah and you want to do it right now!

Well, there’s probably a boatload of other people who have done something similar to this before, but, whatever. I’ve written a quick script to add and remove zones from a Solaris 10 (or in this case, a Solaris Express) machine, with very little thought and virtually no questions asked.

The newZone.ksh script will:

Perform basic verification that your input is sane, such as checking the NIC is plumbed, IP is valid-ish, Zone doesn’t exist

Default to autoboot the zone

Use your existing /etc/sysidcfg, changing only the hostname (easily modifiable for more complex setups)

Allow for post-install scripts to be run, but you must add them yourself (or ask and I’ll give you my basic one).

The rmZone.ksh has basically no error checking, and the script will simply:

Halt the running zone immediately

Uninstall the zone

Delete the zone’s config

The scripts should be relatively easy to follow, and modifiable as you see fit. Please don’t redistribute a modified version without my permission.

UPDATE 14 July 2008: Zone Creation Scripts updated to:

Improve handling of invalid input

Resolve bug with sparse zone creation

Additional notes added to this post you must read if you have not installed the zone host from jumpstart (you will need to create a sysidcfg similar to the example)

NOTE for Non-Jumpstarted Machines: The scripts assume the host of your zones was jumpstarted, and as such, has an /etc/sysidcfg file. If it does not, you will want to have one somewhere; by default the scripts look at /etc/sysidcfg.

For simplicity, you could create one that looks something like this (with the correct parameters, of course):

    system_locale=en_AU.ISO8859-1
    timezone=Australia/Sydney
    timeserver=localhost
    terminal=vt100
    name_service=DNS {domain_name=<your domain>
    name_server=<your name server>
    search=<your search domain>}
    security_policy=NONE
    root_password=<a crypt version of your password>
    network_interface=primary {hostname=<your host name>
    netmask=<your netmask>
    protocol_ipv6=no
    default_route=<your default route>}
    nfs4_domain=<your domain name>

replacing all the bits in the < >, and the <hostname> bit with your system’s hostname. This is important, as the script uses sed to replace this value with your zone’s hostname; if you do not do this, you will get asked all the questions from the installer, and all of a sudden, the automated build isn’t so automated!
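The hostname substitution described above, as an added example; this is not the newZone.ksh from this post, which is not shown here. The function names, the return codes and the single-label hostname rule are assumptions, and the copy is created mode 0600 because sysidcfg carries the root password hash.

```sh
#!/bin/sh
# Added example, not the newZone.ksh from this post.

# Accept one DNS label only: letters, digits, hyphens, at most 63 characters.
# This also keeps sed and grep metacharacters out of the patterns below.
valid_label() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# make_zone_sysidcfg <template> <hostname in template> <zone hostname> <output>
# Returns 2 for a bad hostname, 3 when the template lacks hostname=<old>.
make_zone_sysidcfg() {
    template=$1; old_host=$2; new_host=$3; out=$4
    for h in "$old_host" "$new_host"; do
        valid_label "$h" || { echo "invalid hostname: $h" >&2; return 2; }
    done
    # Without hostname=<old> in the template sed would change nothing and
    # the zone's first boot would fall back to the interactive questions.
    grep -Eq "hostname=${old_host}([ }]|\$)" "$template" || {
        echo "hostname=$old_host not found in $template" >&2; return 3; }
    # sysidcfg carries the root password hash, so create the copy mode 0600.
    ( umask 077
      rm -f -- "$out"
      sed -e "s/\(hostname=\)${old_host}\([ }]\)/\1${new_host}\2/" \
          -e "s/\(hostname=\)${old_host}\$/\1${new_host}/" "$template" > "$out" )
}

# Demo on a constructed template; every value here is made up.
demo=$(mktemp -d)
printf '%s\n' 'root_password=CONSTRUCTED-HASH' \
    'network_interface=primary {hostname=globalhost' \
    'netmask=255.255.255.0}' > "$demo/sysidcfg"
make_zone_sysidcfg "$demo/sysidcfg" globalhost zone1 "$demo/zone1.sysidcfg" &&
    cat "$demo/zone1.sysidcfg"
rm -rf "$demo"
```

In a zone build the output is usually written to <zonepath>/root/etc/sysidcfg before the zone's first boot.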